Vulnerabilities > Grafana > Grafana > 6.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-13379 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. | 8.2 |
| 2020-05-24 | CVE-2020-13430 | Cross-site Scripting vulnerability in Grafana Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | 6.1 |
| 2020-04-29 | CVE-2020-12458 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An information-disclosure flaw was found in Grafana through 6.7.3. | 5.5 |
| 2020-04-27 | CVE-2020-12052 | Cross-site Scripting vulnerability in Grafana Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | 4.3 |
| 2020-04-24 | CVE-2020-12245 | Cross-site Scripting vulnerability in Grafana Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. | 4.3 |